unfuck-my-git-state

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • Data Exposure (LOW): The scripts/snapshot_git_state.sh tool captures repository metadata, including git remote -v and git reflog. These files are stored in a local .git-state-snapshots directory. This metadata can contain sensitive information such as API tokens in remote URLs or historical data in the reflog. This exposure is intrinsic to the skill's purpose of Git state recovery.
  • Indirect Prompt Injection (LOW): The scripts/guided_repair_plan.sh script parses local Git output (e.g., branch names, worktree paths). A malicious repository could craft metadata to influence the script's diagnostic logic.
    • Ingestion points: Reads worktree_list.txt and status.txt generated from local Git commands in scripts/snapshot_git_state.sh.
    • Boundary markers: None identified.
    • Capability inventory: The skill suggests Git commands and provides a playbook for manual .git/HEAD modification.
    • Sanitization: No sanitization of Git output is performed before parsing.
  • Command Execution (SAFE): The skill utilizes standard Git commands for its operations. All command execution is focused on repository management and is consistent with the skill's stated goal of repository recovery.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:39 PM